Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev

2017-06-21 23:26:21 +00:00 · 2017-06-21 23:26:21 +00:00 · 6351c374c2
commit 6351c374c2
parent 3e307a4de5 d75a2c0cc8
1 changed files with 3 additions and 2 deletions
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@ -8,10 +8,11 @@ neverallow {
  -rild
 } self:capability { net_admin net_raw };

-# Unless a HAL's job is to manage network hardware, it should not be
-# using network sockets.
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
 neverallow {
  halserverdomain
+  -hal_tetheroffload_server
  -hal_wifi_server
  -hal_wifi_supplicant_server
  -rild